Posthog-js dependency versioning #778

@thatblindgeye

Following the event of the week of 11-24-2025 that shan't be named, there have been some concerns (rightfully so) regarding various versions of affected packages.

Right now chatbot has posthog-js installed as a dependency with version ^1.194.4, while version [email protected] is noted as being compromised. The suggestion is to bump to 1.298.0 if there's any plan to upgrade and help avoid the compromised version.

ODH Dashboard has noted that due to chatbot's dep of posthog-js, they end up with [email protected] (note: this is 0.018 versions older than the compromised version), and it is worth noting that, per an email from DevOps, no action is necessary at this time (emphasis mine).

However, we can keep this issue open 1) to keep people in the know on the matter, and 2) potentially track posthog-js and/or other dep bumps we may want to do in chatbot just to get things on more recent versions.
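
One way to check a lockfile for the situation described above, as an added example that is not part of the original issue or the chatbot project's code. It lists every installed copy of posthog-js (top-level and nested) and reports whether the declared `^1.194.4` range admits a denylisted release; the denylisted version `1.250.0`, the `demo-dep` package and the sample lockfile are constructed placeholders, since the compromised version is not legible on this page.

```javascript
// Added example: audit an npm lockfile (lockfileVersion 2/3) for a denylisted release.
const PKG = "posthog-js";
// PLACEHOLDER value, constructed for this example; substitute the version from the advisory.
const DENYLIST = new Set(["1.250.0"]);

const parse = (v) => v.split(".").map(Number);
const cmp = (a, b) => {
  const [x, y] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] - y[i];
  return 0;
};

// Caret semantics for major >= 1 only: ^M.m.p admits >= M.m.p and < (M+1).0.0.
// Pre-release tags are not handled in this sketch.
function caretAdmits(range, version) {
  const base = range.replace(/^\^/, "");
  return parse(base)[0] === parse(version)[0] && cmp(version, base) >= 0;
}

// Walk the "packages" map; nested copies live under <dep>/node_modules/<name>.
function findInstalled(lock, name) {
  return Object.entries(lock.packages || {})
    .filter(([p]) => p === `node_modules/${name}` || p.endsWith(`/node_modules/${name}`))
    .map(([p, meta]) => ({ path: p, version: meta.version }));
}

function audit(lock, declaredRange) {
  const installed = findInstalled(lock, PKG)
    .map((e) => ({ ...e, denied: DENYLIST.has(e.version) }));
  const rangeAdmitsDenied = [...DENYLIST].filter((v) => caretAdmits(declaredRange, v));
  return { installed, rangeAdmitsDenied, ok: installed.every((e) => !e.denied) };
}

// Constructed sample lockfile fragment (not taken from any real project).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/posthog-js": { version: "1.298.0" },
    "node_modules/demo-dep/node_modules/posthog-js": { version: "1.250.0" },
  },
};

const report = audit(sampleLock, "^1.194.4");
console.log(JSON.stringify(report, null, 2));
```

A non-empty `rangeAdmitsDenied` means a fresh install without a lockfile could still resolve to the denylisted release, even when every currently installed copy is clean.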
